Everything you wanted to know about spam (the junk mail, not the meat)

Wednesday

Jun 20, 2007 at 12:01 AMJun 20, 2007 at 7:23 PM

Q&A about spam. With sidebar.

Eleni Himaras

Who is Agamemnon Q. Zuchowski, how did he get your e-mail address and what business does he have trying to sell you Cialis? There is, of course, no such person. A computer program generated the name, guessed your e-mail address and sent you what was, at least on the surface, an advertisement for a male reproductive drug.

Most e-mail that hits your in-box every day is junk. It’s junk that tries to sell you something, or worse, junk that is trying to hack into your computer and commandeer it to send out more junk.

And it’s junk that you pay for. The more spam there is, the bigger your Internet service provider has to be to handle the volume of messages coming through.

Marshall Van Alstyne, associate professor of information systems at Boston University, knows a lot about spam. We asked him to shed some light on these questions:

Q. What is it?

A. Spam can most easily be defined as any e-mail you don’t want. It can be broken down into categories like product spam (pornography, pills, fake watches), political or religious advertising and viruses.

The better way to look at spam, however, is by what it is trying to get out of you. Some of the pornography and fake Rolex sites will actually send you their shady product. But other messages may also be a scam to get your credit card information in an attempt to steal your identity. Or it may be a phishing system that will suck information out of your computer if you open the message.

It might even be a specialized virus that will commandeer your computer and turn it into a “spam zombie” that sends messages worldwide without your knowledge. Unfortunately, with this system of defining spam, there is no way to tell which category it falls in when it all looks the same.

Q. How are people making money from it?

A. Van Alstyne said sending out mass e-mails is so cheap that spammers can turn a profit if only one of every 10,000 people falls for the scam.

Legitimate advertising costs money, therefore a company will typically spend money on researching a client base. With spam, it costs nothing to send an advertisement for an erectile dysfunction, so a 13-year-old is just as likely to get the e-mail as a 70-year-old man.

Another recent scam is the “pump and dump” method, in which spammers can stay hidden. They buy stock in a small company, advertise the company through spam, jack up the stock price, and then sell, sell, sell – and destroy the company.

Q. How do they do it?

A. Spammers can acquire your e-mail address from a variety of locations. There are “spider” programs that will crawl around the Web searching for any viable e-mail address to add to the list. There are also programs that will search address books of e-mails they have already found to infect all of that person’s contacts.

Spammers love what is known as the dictionary attack. This is where Agamemnon Q. Zuchowski comes in. The spammer will create a database of first and last names and pair them and add a viable suffix like gmail.com or yahoo.com.

This works for them in two ways: if you happen to be (your name)@gmail.com, they can send you junk. But they can also pretend to be (your name)@gmail.com and send messages from your account.

Q. Is it illegal?

A. The only federal legislation concerning spam is the CAN-SPAM Act of 2003.

Yes, our ever-clever Congress actually called it that, and it stands for Controlling the Assault of Non-Solicited Pornography and Marketing Act.

It bans the use of false or misleading sender and recipient information, prohibits deceptive subject lines, requires that your e-mail give recipients an opt-out method and requires that commercial e-mail be identified as an advertisement and include the sender’s physical postal address.

There is a bit more to it but those are the major sections. Violations of the act can carry penalties of up to $11,000. The problem with the legislation is that any company willing to break the law is willing to break it to the degree where they won’t get caught.

If someone is using a spam zombie to send out mass e-mails, it is illegal, but there is no effective way to catch or prosecute them. Investigating and prosecuting becomes more difficult when spam is routed through a computer outside the United States, in which case it is outside the jurisdiction of the federal government.

Q. What damage does it do?

A. Spam is flat-out annoying, but worse, it takes up the majority of space on Internet service providers. This is space you pay for. Various research companies estimate that almost half and up to 90 percent of e-mail is junk.

According to the statistics Web site Toptenreviews, spam costs noncorporation consumers $255 million a year. The bill for corporate Internet users is $8.9 billion.

Q. I have a spam blocker. Will that solve the problem?

A. There are two types of spam control – laws and technology. Van Alstyne says both have serious flaws.

Legally, it is difficult to find spammers, and even harder to define spam. There are the illegal drug companies – those are easy. But the line blurs when it comes to charitable organizations or companies that you have given your e-mail address to. It is impossible to regulate an indefinable crime.

There is plenty of technology out there that hinders spam, but even those programs are flawed.

Spam is Internet pollution, Van Alstyne said, and should be attacked at its source.

“If you try to clean up pollution on a building or smokestack, you put it on the source or the building. With technology and spam, you are putting it on the destination – each of us effectively has to have a gas mask. It’s terribly inefficient,” he said.

Even if blockers catch the majority of spam, they will inevitably catch some of the mail you want to receive. When you have to read through your blocked folder to see if any good mail was routed there, well, there goes the point of having a spam blocker.

There are also blockers to prevent e-mails that are sent out on a mass scale, but problems arise if you subscribe to an online magazine or a store – that’s an e-mail you want.

Spam blockers can be set to block mail from unidentified senders, but often in the business world, you want new clients to be able to contact you.